ppp
ppp (Paul's PPP Package) is an open source package which implements the point-to-point protocol (PPP) on Linux and Solaris systems. It is implemented as single pppd daemon and acts as backend for xl2tpd, pptpd and netctl. 3G, L2TP and PPPoE connections are internally based on PPP protocol and therefore can be managed by ppp.
Installation
Make sure that your kernel is compiled with PPPoE support (present in default kernel):
$ zgrep CONFIG_PPPOE /proc/config.gz
CONFIG_PPPOE=m
Configuration
PPPoE
Create the connection configuration file:
/etc/ppp/peers/your_provider
plugin pppoe.so # rp_pppoe_ac 'your ac name' # rp_pppoe_service 'your service name' # network interface eth0 # login name name "someloginname" usepeerdns persist # Uncomment this if you want to enable dial on demand #demand #idle 180 defaultroute hide-password noauth
If usepeerdns
option is used, pppd will create the /etc/ppp/resolv.conf
file with obtained DNS addresses while establishing a connection. By default, the /etc/ppp/ip-up.d/00-dns.sh
hook script moves this file to /etc/resolv.conf
, allowing the system to use these name servers. If this is undesirable (e.g. you are using a local caching DNS), edit the /etc/ppp/ip-up.d/00-dns.sh
as you need.
Put a line like this in /etc/ppp/pap-secrets
or /etc/ppp/chap-secrets
as required by the authentication method used by your ISP.
Chap should always be preferred, when possible, if aiming at security (to understand how chap works see this), however it is OK to write these two files at the same time, pppd will automatically use the appropriate one:
someloginname * yourpassword
You can now start the link using the command:
# pppd call your_provider
Alternatively, you can use this
# pon your_provider
where your_provider is the exact name of your options file in /etc/ppp/peers
.
To see whether your PPPoE connection is started correctly, check the pppd output in system logs:
# journalctl -b --grep=pppd
On a successful connection, you will see something like the following:
Jul 09 22:42:33 localhost pppd[239]: Plugin rp-pppoe.so loaded. Jul 09 22:42:33 localhost pppd[239]: RP-PPPoE plugin version 3.8p compiled against pppd 2.4.6 Jul 09 22:42:33 localhost network[184]: RP-PPPoE plugin version 3.8p compiled against pppd 2.4.6 Jul 09 22:42:33 localhost pppd[239]: pppd 2.4.6 started by root, uid 0 Jul 09 22:42:39 localhost pppd[239]: PPP session is 292 Jul 09 22:42:39 localhost pppd[239]: Connected to a0:f3:e4:4f:e3:b0 via interface enp4s0 Jul 09 22:42:39 localhost pppd[239]: Using interface ppp0 Jul 09 22:42:39 localhost pppd[239]: Connect: ppp0 <--> enp4s0 Jul 09 22:42:39 localhost pppd[239]: CHAP authentication succeeded: CHAP authentication success Jul 09 22:42:39 localhost pppd[239]: CHAP authentication succeeded Jul 09 22:42:39 localhost pppd[239]: peer from calling number A0:F3:E4:4F:E3:B0 authorized Jul 09 22:42:39 localhost pppd[239]: Cannot determine ethernet address for proxy ARP Jul 09 22:42:39 localhost pppd[239]: local IP address 10.6.2.137 Jul 09 22:42:39 localhost pppd[239]: remote IP address 10.6.1.1 Jul 09 22:42:39 localhost pppd[239]: primary DNS address 10.6.1.1 Jul 09 22:42:39 localhost pppd[239]: secondary DNS address 210.21.196.6
By default the configuration in /etc/ppp/peers/provider
is treated as the default, so if you want to make "your_provider" the default, you can create a link like this
# ln -s /etc/ppp/peers/your_provider /etc/ppp/peers/provider
Now you can start the link by simply running:
# pon
To close a connection, use this
# poff your_provider
Easy wizard configuration
pppconfigAUR provides a dialog interface to create pppd configuration easily. The usage is as simple as running pppconfig
as root and it will guide the configuration creation.
# pppconfig --dialog
The resulting configuration can be called using pon
and discarded using poff
as mentioned before.
Starting pppd on boot
- Configure the
ppp_generic
module to load on boot. See Kernel modules#Automatic module loading with systemd for more information. -
Enable the systemd service
ppp@your_provider.service
.
Tips and tricks
Do an auto redial
If pppd is running, you can force a connection reset by sending the SIGHUP
signal to the process:
# export PPPD_PID=$(pidof pppd) # kill -s HUP $PPPD_PID
And you have redialed the connection.
persist
option enabled in your /etc/ppp/peers/provider
tab. Additionally you might want to set holdoff 0
to reconnect without waiting.Using cron
As root, do the following:
Create a bash script similar to this and give it a name (e.g. pppd_redial.sh
):
#!/bin/bash message="Restarting the PPP connection @:" $(date) pppd_id=$(pidof pppd) kill -s HUP $pppd_id echo $message
Give it execute permissions and put it on a path visible to root.
Then create a cron job using crontab -e
. Check that your EDITOR
env variable is set if the command fails. So add anywhere in the file,
0 4 * * * /bin/bash /root/pppd_redial.sh
Confirm that cronie
service is up and running. If this is not the case, just enable and start it.
Save and exit. Your PPPoE connection will now restart every day at 4AM.
Using a systemd timer
An alternative way to force a reconnect is using a systemd timer and the poff script (in particular its -r
option). Simply create a .service and .timer files with the same name:
ppp-redial.timer
[Unit] Description=Reconnect PPP connections daily [Timer] OnCalendar=*-*-* 05:00:00 [Install] WantedBy=multi-user.target
ppp-redial.service
[Unit] Description=Reconnect PPP connections [Service] Type=simple ExecStart=/usr/bin/poff -r
Now just enable and start the timer and systemd will cause a restart at the specified time.
Troubleshooting
Default route
If you have a preconfigured default route before the pppd is started, the default route is kept, so take a look in /var/log/errors.log
and if you have something like:
pppd[nnnn]: not replacing existing default route via xxx.xxx.xxx.xxx
and xxx.xxx.xxx.xxx
is not the correct route for you
- Create a new script in
/etc/ppp/ip-pre-up.d
with this content:
/etc/ppp/ip-pre-up.d/10-route-del-default.sh
#!/bin/sh /usr/bin/route del default
Note: Make sure you have a script named 'ip-pre-up' which launches *.sh in 'ip-pre-up.d' like other launch scripts do.
-
Restart the
pppd
service.
Masquerading seems to be working fine but some sites do not work
The MTU under pppoe is 1492 bytes. Most sites use an MTU of 1500. So your connection sends an ICMP 3:4 (fragmentation needed) packet, asking for a smaller MTU, but some sites have their firewall blocking that.
Enabling the PMTU clamping in iptables can solve that:
iptables -I FORWARD -o ppp0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
Now, for some reason, just trying to save the resulting iptables configuration with iptables-save and restoring it later, does not work. It has to be executed after the other iptables configuration had been loaded. So, here is a systemd unit to solve it:
pmtu-clamping.service
[Unit] Description=PMTU clamping for pppoe Requires=iptables.service After=iptables.service [Service] Type=oneshot ExecStart=/usr/bin/iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu [Install] WantedBy=multi-user.target
And enable it.
pppd cannot load kernel module ppp_generic
When starting PPTP client, the pppd process cannot locate the appropriate module:
Couldn't open the /dev/ppp device: No such device or address Please load the ppp_generic kernel module.
The solution is to create a /etc/modprobe.d/ppp.conf
file with:
alias char-major-108 ppp_generic
The correct module will be loaded after reboot.